VFX Biz Rage Raises Cyber Attack Fears

Growing anger in the struggling visual effects community is raising concerns that some of its more extreme members could mount a cyber attack against a major vfx facility with the intention of damaging digital assets for one or more upcoming studio tentpoles.

At present, the evidence that such an offensive is in the works is slim but significant enough to prompt rumblings among vfx insiders regarding specific plans being in the offing.

If successful, a cyber attack that damaged or destroyed vfx assets could set back production by months, cost each pic affected tens of millions of dollars, and wreak havoc with release dates. Any vfx company that lost its studio assets would probably be out of business in short order, as it would never again be trusted with studio work.

Even an attack that only disrupted a company’s internal network could slow production and add costs.

Variety contacted six major visual effects studios. Half declined comment and the others said they were unaware of any such specific threat. Some said that while they had not previously increased security, they would do so now.

The circumstances that would precipitate an attack aren’t difficult to divine. Some of the most aggrieved members of the vfx community are the same people who designed the inner workings of vfx houses, including render servers, composite pipelines and back-up systems.

Many visual effects workers are furious at the crisis besetting their industry and feel the majors are making millions from vfx-driven tentpoles while the artists who work on those pics put in arduous hours without health care coverage, retirement plans or job security. The immediate provocation, however, is said to be a string of real and perceived slights during Sunday’s Academy Awards ceremony, which provoked a torrent of fresh outrage vfx artists worldwide.

Vfx workers took to the streets with their protests on Sunday with a demonstration staged at the intersection of Hollywood and Vine, down the road from the Dolby Theater at Hollywood and Highland where the Oscars were staged.

David Rand, an organizer of Sunday’s protest, decried the idea of a cyber attack.

“I’m personally against that because a lot of the shops they’d be attacking are victims themselves,” he said. “But I’m not in favor of an attack on the studios, either. That’s not what we want to do, we want to show them a better way to work.”

One visual effects studio topper, who asked not to be identified due to fear of retaliation by hackers, the called the notion of a cyber attack “misplaced aggression.”

“The companies are suffering too,” he said. “There’s no single common enemy. We keep hearing about the evil studios, but it’s way deeper. It’s procurement practices, it’s subsidies, it’s globalization, it’s over-saturation of the marketplace, it’s underbidding. This terrorism, if were to happen, would hurt the very people it’s meant to help. Everybody suffers. I find it despicable. It’s the wrong way to do this.”

In a statement, the Visual Effects Society said: “While we understand and sympathize with the frustrations out there we cannot condone that kind of action.”

Security at visual effects studios is a major concern for the majors, who conduct regular audits at facilities where their tentpole pics are made. On one Warner Bros. movie, security measures at the vfx studio’s London HQ included all work on the pic being contained to a single floor, with only authorized artists given access to that floor, and a separate network for that picture, air-gapped from the rest of the company network.

Vfx companies commonly disconnect their production networks from the Internet, so artists who want email and web access must use a separate computer and network. However as more and more companies rely on offshoring and outsourcing, they have come to rely on data networks for sharing and reviewing digital assets over vast distances. People who helped design and build the infrastructure would know of any “back doors” or vulnerable spots, both human and electronic.

Vfx pros confirmed such an attack is possible. Former Digital Domain topper Scott Ross recalled that during a feud between DD and Warner Digital in the 1990s, DD staffers created a T-shirt that had a shrunken head of Bugs Bunny on the front and some Unix code on the back. “The code turned out to be instructions to bring down a network and wipe everything on it,” said Ross. “I checked with my computer scientists and they said it was absolutely possible.”

Previous cyber attacks on showbiz sites include an April 2012 attack on Sony’s PlayStation Network and a June 2011 attack on a German anti-piracy site. If there is a precedent for a cyber attack on a digital production facility, it has not been made public.

This appears to be a largely fact-free bit of scaremongering, and I suspect that there is a dubious reason that these ‘fears’ are being circulated now.

In the UK, VFX workers, through their union BECTU, have asked employers to be reasonable and engage with the unions about fair working hours and any steps that can reduce the impact of unpredictable work flows.

As a union we are very familiar with market conditions that put pressures on employers to squeeze staff – we understand that solutions need to be industry-wide and that individual employers can’t agree to uncompetitive terms.

But we have plenty of experience of dealing with *good* employers who are able to reach a reasonable settlement with a reasonable union. We have asked for a meaningful dialogue with these employers in London and they have refused. We published a survey of staff working in VFX outlining how poor their conditions were. The employers refused to accept the validity of it so we asked them to conduct a independent and verifiable survey of their own – they refused to do that.

Our members now realise that they have to organise properly and start to highlight the poor quality of management in this sector. I suspect one or two employers are attempting to dream up some scare stories to justify their ongoing refusal to be reasonable.

We would really welcome an invitation to a genuine dialogue with a London based major VFX employer about the working conditions in this sector. Our door is open and our diaries are cleared for it.

Aside from the obvious pointed out by the people below, I might also point out there is a very real shortage of engineers in this country. If you have the requisite knowledge to carry out this kind of attack, well, it’s a seller’s market for that kind of talent. An engineer might not like losing his or her job in the VFX industry, but other companies or waiting in line and fighting to hire these people. Why would they want to lose their job in VFX AND go to prison when they can lose their job in VFX and move up here to the Bay Area and be working again in a month with at least a comparable salary and better working conditions? That’s what I did… (thought not in VFX, from a very large Post production company…)

I have never seen a more baldfaced unfounded smear. This article has one purpose, to discredit a real and justified complaint about the failing industry and terrible treatment of working conditions. Do not believe the propaganda. Film studios have PR firms, we do not.

>> “At present, the evidence that such an offensive is in the works is slim…”

Actually, it’s “none”. But aside there being no evidence, more importantly, there’s no motivation. As in; WHY on Earth would we do that? To put OURSELVES out of a job? (Which is, y’know, the very thing we are all trying to AVOID having happen?)

>> “Any vfx company that lost its studio assets would probably be out of business in short order” — so you DID get that it would hurt, not help, the people you think might do this. So your headline is really: “VFX artists, worried their VFX company will go out of business, might for some weird reason intentionally put their VFX company out of business.”

What? What fantasy world is this article based on? We are not “Anonymous” nor are we Che-like violent revolutionaries. The many conversations about the current state of VFX and the Industry have covered a wide range of topics from Subsidies to Unionizing but I have not heard anyone talk about taking aggressive action. We are advanced computer users but almost none of us are “hackers”. A little less sensationalism and a little more relevant discussion please.

This article flouts the basic rules of journalism. Namely, don’t write a story you know is baseless or isn’t actually true. You can’t just make up a story that has no foundation whatsoever. Also, there is no credible source for this article, it’s just looking like something the author made up in order to stir things up. This whole article borders on propaganda, and we should expect better from an Associate Editor.

Where is that information coming from? I haven’t heard anything even remotely related to a “Cyber-Attack” coming from any VFX artist, hasn’t even been mentioned, and I’ve been keeping tabs online from the beginning. Is this story being made up to intentionally make vfx guys look like bad guys?